<?php
/**
* Update the user preferences
*
* @author       Fabrice Douteaud <clearbudget@douteaud.com>
* @package      framework
* @access       public
*/

/***********************************************************************

  Copyright (C) 2008  Fabrice douteaud (clearbudget@douteaud.com)

    This file is part of ClearBudget.

    ClearBudget is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    ClearBudget is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with ClearBudget.  If not, see <http://www.gnu.org/licenses/>.


************************************************************************/
//prevent direct access
if(!defined('ENGINEON')) die('Direct access forbidden');
global $context;
// some flags
$missingMandatoryUserSettings = false;
$badUsername = false;
$badPassword = false;
$settingsSuccess = false;
$badCurrentPassword = false;

// define the default values
is_null($context->username)?$username = class_settings::getUsername():$username = $context->username;
$password =  $context->password;
is_null($context->secureAccess)?$secureAccess = class_settings::secureAccess():$secureAccess = $context->secureAccess;
is_null($context->currency)?$currency = class_settings::getCurrency():$currency = $context->currency;
is_null($context->language)?$language = class_settings::getLanguage():$language = $context->language;

// if the user did not submit, we simply go to the view
if($context->submit == null) {
  return;
  }

// get the current password in DB if any
$password_in_db = class_settings::getPassword(true);
  
// if site is secured, we must get the current password before anything
if(class_settings::secureAccess()) {
  $current_password = $context->current_password;
  // if there is already a password
  // we compare it with the one given
  // if ok, we continue
  // if not ok, we echo error
  if($password_in_db!=false) {
    if($password_in_db != md5($current_password)) {
      $badCurrentPassword = true;
      return;
      }
    }
  }
  
// if we have the request to secure the access to the site, we must have a valid username and password
if($context->secureAccess === '1') {
  // get the username and password from the user
  $username = $context->username;
  $password = $context->password;
  
  // check if username and password are valid
  if($username == null || $username == '' || strlen($username)<6) {
    $badUsername = true;
    return;
    }
  if(!$password_in_db && ($password == null || $password == '' || strlen($password)<6)) {
   $badPassword = true;
   return;
   }
  }
else {
  // if secure access is not requested, then we make sure that no password is in the DB anymore
  class_settings::resetPassword();
  }

$language = $context->language;
$currency = $context->currency;
// if everything is good, we update the user preferences
if($language!='NULL' && $currency!='NULL' && $language!='' && $currency!='') {
  $settingsSuccess = true;
  // update the user settings
  class_settings::updateUserSettings(true);
  // update the cookie as the username or password may have changed
  class_userCookie::setUserCookie(class_settings::getUsername(), class_settings::GetPassword());
  }
else {
  $missingMandatoryUserSettings = true;
  }

// switch to the new language if necessary
class_propertyKey::switchToLang(class_settings::getLanguage());
?>